From mboxrd@z Thu Jan 1 00:00:00 1970 From: Heiko Schocher Date: Fri, 14 Feb 2014 06:06:34 +0100 Subject: [U-Boot] [PATCH 2/7] fdt: add "fdt sign" command In-Reply-To: <201402132126.00883.marex@denx.de> References: <1390632269-8971-1-git-send-email-hs@denx.de> <201402121146.43099.marex@denx.de> <52FB93E6.20109@denx.de> <201402132126.00883.marex@denx.de> Message-ID: <52FDA45A.8000401@denx.de> List-Id: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: u-boot@lists.denx.de Hello Marek, Am 13.02.2014 21:26, schrieb Marek Vasut: > On Wednesday, February 12, 2014 at 04:31:50 PM, Heiko Schocher wrote: >> Hello Marek, >> >> Am 12.02.2014 11:46, schrieb Marek Vasut: >>> On Monday, February 10, 2014 at 07:15:09 AM, Heiko Schocher wrote: >>>> Hello Marek, >>>> >>>> Am 08.02.2014 15:09, schrieb Marek Vasut: >>>>> On Saturday, January 25, 2014 at 07:44:24 AM, Heiko Schocher wrote: >>>>>> check if a fdt is correct signed >>>>>> pass an optional addr value. Contains the addr of the key blob >>>>>> >>>>>> Signed-off-by: Heiko Schocher >>>>>> Cc: Simon Glass >>>>> >>>>> Should the FIT signature checking really be part of the 'fdt' command ? >>>>> Shouldn't 'bootm' check the signature (well, 'bootm prep' or such does) >>>>> or somesuch command ? >>>> >>>> Why not? I use this "fdt check" command for example in a script, for >>>> checking if the FIT image is correct signed, and if so, update with >>>> the binaries in it some UBI Volumes (not only kernel, dt and/or >>>> rootfs) ... but if this is not accepted, I can look into the bootm >>>> command if I can use it ... but I do not want boot the FIT image ... >>> >>> But doesn't 'bootm prep' (aka. prepare the image for booting, but do not >>> actually boot) do the same thing ? It does verify the image etc., right ? >> >> Yes, but maybe do "etc" things I do not need? >> >> From the "bootm prep" help text: >> "prep - OS specific prep before relocation or go" >> >> "OS specific prep or go" ... Hmm... >> >> - The "fdt checksign" command (as I renamed it in v2) does no "OS >> specific" things, only check the signature of the FIT image. >> There is no OS dependency ... With "bootm prep" there are maybe >> done OS specific things with the FIT Image ... >> maybe in my case it would work, but is this true for all boards? >> >> - "or go" ... I definitely do not want to boot the FIT Image! > > CC Simon, he might clear this up. I'm sick (flu?) and I don't want to leave this Simon is on Cc, and he remarked to rename this "fdt sign" into "fdt checksign", I did in the "v2" of this patch ... > thread hanging , sorry. Bad news. I hope you get well soon! bye, Heiko -- DENX Software Engineering GmbH, MD: Wolfgang Denk & Detlev Zundel HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany